Boise State ditches Cisco DNS

Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System  and Dynamic Host Configuration Protocol services. The fiber-optic backbone network is being upgraded to 10G Ethernet in December, with 100Mbps bandwidth to the desktop. Boise State's network links more than 170 buildings spread across its 175-acre campus in downtown Boise.

The network carries data and voice traffic, and it supports 2,300 IP-based phones. But when it comes to core network infrastructure services such as DNS and DHCP, the university decided Cisco's Network Registrar was too expensive to operate. Boise State is a Cisco shop; the university uses all Cisco switches, routers, IP phones, wireless access points and wireless controllers on its network, which supports 21,000 students, faculty and staff. Case study: The Google-ization of Bechtel   Boise State isn't the only organization to discover that it could save money by switching from DNS software to DNS appliances. Boise State had the same problem. The Nevada Department of Corrections recently bought DNS appliances from BlueCat rival Infoblox to replace DNS software from Novell that was requiring too much time from network administrators.

Until this summer, the university was running an old edition of Cisco Network Registrar - Version 5.5, which was at the end of its life - on a Windows server for its DNS and DHCP services. "It was very limited as far as what was actually in the database for DNS and DHCP, and what you could see through the [graphical user interface]," says Diane Dragone, network engineer at Boise State. "There was no easy way to see what was really in the database except through command line tools." In addition, Boise State had to do custom coding in order to make this older version of Cisco Network Registrar work with all the vendor tags needed for DHCP. Boise State needed to upgrade the Cisco Network Registrar software, but that option was too expensive, Dragone says. Dragone explored several alternatives, including DNS software from Novell, Microsoft and Men & Mice. Cisco ended support for Cisco Network Registrar Version 5.5 in May 2006, and it is now selling Version 7.0 of the software. "We didn't want to pay the price for upgrading the software; it became extremely expensive," Dragone says. But eventually she zeroed in on appliances, and ended up testing devices from BlueCat and Infoblox. The retail cost of the two appliances was $26,000. "It came down to cost," Dragone says. "Plus, there were a couple things in the [interface] of the management system that I liked better, but they were very small." Dragone said installation of the Adonis 1000s was easy. "I spent a few weeks on my own learning the interfaces on the Adonis system, the GUI interface and the command-line interface, until I had a good comfort level. Boise State bought two BlueCat Adonis 1000 appliances, which are set up to be redundant to each other.

Then I did a testbed of two small buildings…to roll them onto the system for DNS and DHCP so we could test our Active Directory integration and our VoIP to make sure we had no issues," she explains. She says she can patch the appliances in the middle of the work day, rather than scheduling off-hours maintenance. Dragone said it took three weeks to migrate the entire campus network to the DNS and DHCP services from the BlueCat appliances. "We had no helpdesk calls as a result of the conversion," she says. "People didn't really know it happened." Dragone's favorite features of the Adonis system are the search capabilities and the instantaneous replication between the master and slave systems. Boise State hasn't experienced any outages or other significant problems with the BlueCat appliances. "I have no complaints whatsoever," Dragone says. "I like all the reports that you can look at. That has really come in handy." Operating modern appliances is a lot easier than keeping aging software running, Dragone says. "There are savings headache wise," Dragone says. "I spent an entire week in December trying to figure something out that never got resolved. The other thing I really like is the tool for checking your DNS database before you deploy your configuration.

There were a lot of band-aid fixes on the old system to the point where we were shuffling around where the DHCP was coming from." Cisco declined to comment for this article. Among BlueCat's higher ed customers are UC Berkeley, UCLA, the University of Michigan and the University of Calgary. Branko Miskov, director of product management at BlueCat Networks, says more universities like Boise State are migrating to appliances for DNS and DHCP services. This segment now represents more than 10% of BlueCat's sales. "We've actually had some pretty significant traction in the higher ed market…in the last 18 months," Miskov says. "They're a little more diverse in terms of the feature sets they use, whereas a lot of enterprises are pretty much uniform. The dorms have different requirements than the university buildings, so they really use the full extent of our gear." Miskov says universities are upgrading their core network services in response to the explosion of IP devices in dorm rooms, such as computers, PDAs and gaming consoles. "Each dorm room might require three or four IP addresses, and that's not even thinking about the faculty requirements," Miskov says. "For those that are rolling out VoIP, that introduces a whole slew of new IP addresses into the mix and makes it harder to manage."

Acresso who? Macrovision spinoff changes name, again

Under a legal threat from another software firm with a similar name, Acresso Software Inc. is changing its name to Flexera Software after just 19 months. Acresso sells software such as software its installation utility, InstallShield, and software license manager, FLEXnet, to software vendors and enterprises. The company will officially announce the change next Tuesday, but had already notified partners and customers on Thursday. It was spun out of Macrovision Corp. after the unit was acquired by venture capital firm Thoma Brava Cressley in April 2008. Macrovision retained the digital rights management (DRM) apps for which it is best-known.

Acresso, which the company said was derived from the Latin word "Cresco" for "to grow, increase" faced a "challenge" on its name from ERP software maker Agresso Software , said Randy Littleson, senior vice-president of marketing for Acresso. "Our executive team decided that there were better ways to invest our time and money, and that we didn't need this distraction," Littleson said. "The action we're taking will let us avoid a potential lawsuit." Acresso did not immediately return an e-mailed request for comment. It changed its company name in July to Rovi Corporation. Acresso was founded in 1980 and has annual revenue of about $475 million. That dwarfs Acresso, which has 375 employees and annual revenues of $115 million. It also has 3,500 employees at 16 offices globally.

Flexera will be the fourth name in five years facing long-time users of InstallShield, which was bought by Macrovision in 2004. Perhaps predictably, early public reaction to the new name tended towards the sarcastic. "As if the makers of InstallShield hadn't already done enough damage to their brand, let's just go change names yet again!" wrote Christopher Painter, an InstallShield consultant, on his blog yesterday. "Acresso Software is becoming Flexera Software for no apparent reason. Littleson said the company considered changing its name to Installshield, being that it is its best-known product, but ultimately came to the conclusion that it didn't represent the breadth of its application stable. Go ahead. #ScrambleMyBrands," another tweet said. He dismissed the notion, brought up by some bloggers , that the new name will cause legal trouble or just confusion with a solar and wind power company Flexera. "We're quite aware of it. We think this is very different, compared to when it was two software companies." That's one of the reasons why it's Flexera Software," he said. "How similar are we to an energy company?

IBM green city lab aims for Chinese government deals

IBM will develop green city planning applications with a Chinese municipality that it could sell in other government deals in China, the company said Wednesday. Shenyang, in Liaoning province, will pay IBM 275 million yuan (US$40 million) initially and invest further funds in the lab, IBM said. IBM and the northeastern city of Shenyang will launch a joint development lab for computer applications that help forecast water pollution trends, plot efficient traffic plans and devise caps on industrial carbon output, said Thomas Li, director of the IBM China Research Lab, in an interview.

IBM will provide intellectual property in data modeling, analytics and high-speed computing to kick start the lab, which will customize current IBM applications for use by the local government. IBM will also provide services such as placement selection for sensors that track water quality in city mains. One application, which balances carbon emissions and industrial output when given targets for each, will help Shenyang assess the environmental state of various industries in case it is one day required to assign carbon caps. But the joint lab will also develop new applications, which will cover public opinion analysis and food production monitoring in addition to city planning. IBM itself will give the lab the equivalent of 20 to 25 full-time researchers. The products that come out of the lab could later be sold to other local Chinese governments looking for green projects, said Li. IBM will give a cut of the sales revenue to Shenyang and a local university, both of which will contribute researchers to the lab, he said.

The deal creates a new model for IBM's cooperation with local governments and other partners, said Li. IBM has similar joint labs in other countries and is in talks with three other local Chinese governments about labs like the one planned for Shenyang, he said. It has sought the deals partly to place itself in areas of future public and private investment, both of which often follow government agendas, said Li. IBM has worked, for instance, with China's railway ministry to deploy train monitoring and service stations nationwide, and with the Wuxi city technology park on an application hosting and development platform IBM hopes to deploy around the country. IBM does much of its business in China with government bodies.

New Firefox security technology blocks Web attacks, Mozilla claims

Mozilla has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks, the browser maker said Sunday. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. Such attacks are generally tagged with the label of cross-site scripting (XSS). Preview editions of Firefox are available for developers to try out, said Mozilla in an announcement last week . "This isn't a single trick that's meant to counter a single kind of attack," said Johnathan Nightingale, the manager of the Firefox front-end development team. "This helps sites solve cross-site scripting, but it's more than that.

With CSP in place, Firefox will allow the former but will automatically block the latter. "It is in some ways similar to NoScript," said Brandon Sterne, Mozilla's security program manager, referring to the popular Firefox add-on that blocks JavaScript, Java, Flash and other plug-ins often abused by hackers. "The main difference is that the Web site itself is determining the policy. They now have a way to shut everything dynamic off, so that no matter what content gets added to a site, if it's on the page and they've sent us policy instructions in its header, we shut it down." Firefox is passing the baton to site and application developers, who will be able to separate the legitimate from the illicit content. NoScript is a great tool, but a large number of Web users are not sophisticated enough to manage the kind of decisions it requires." Nightingale and Sterne have pinned high hopes on CSP, which grew out of an idea first put forward by security researcher Robert "rsnake" Hansen in 2005. Last year, Hansen, the CEO of SecTheory, and Jeremiah Grossman, chief technology officer at WhiteHat Security, made headlines when they revealed details about how browsers were vulnerable to so-called "clickjacking" attacks . "Absolutely, this will drive a stake through the heart of cross-site scripting attacks," argued Sterne. "An attacker injects some script that harms the users of that site, that encompasses content injection. Google , the maker of Chrome, was not available over the weekend, but the company has previously said it generally doesn't comment on future product development. Out of the box, CSP [lets sites send] signals to the browser that says, 'We're gonna turn off everything by default.' Cross-site scripting will be neutered at that point." But Nightingale and Sterne realize that, even with nearly a quarter of the world's Internet users running Firefox, Mozilla faces a tough road if it's the only browser maker pushing CSP. "Both the Internet Explorer and Chrome teams have contributed to the design discussions of the specification," said Sterne. "They have some tentative interest in implementing it at some point in the future." Earlier this year, Eric Lawrence, a program manager on Microsoft 's Internet Explorer (IE) team, called CSP "a good idea" and "a promising approach" in a pair of entries on the official IE blog, but did not commit Microsoft to supporting the technology. "It's great to see that others are taking this threat seriously, as well," said Sterne.

Mozilla must also convince site and application developers that it's worth their while to use CSP. Nightingale and Sterne declined to name the sites that have expressed interest in using the technology. "The first step is for us to use it," said Nightingale, adding that Mozilla would turn one of its online properties into a guinea pig to show others that CSP is possible, and to iron out problems. The one thing they did say was that it wouldn't show up in the minor upgrade, Firefox 3.6 , that's to ship in November. The pair was also vague about when CSP would debut in a production version of Firefox. The first, and likely only, beta of Firefox 3.6 is slated to ship Oct. 13. "Whatever comes after 3.6, that's the earliest," said Sterne. Microsoft, for example, added a cross-site scripting filter to IE8 that the company said would block most attacks. Mozilla isn't the only browser maker trying to protect users from cross-site scripting attacks.

Preview builds of Firefox with CSP enabled can be downloaded for Windows, Windows Mobile, Mac and Linux from Mozilla's server . Sterne has also posted a demonstration page that graphically shows how various scripts are blocked by the technology.

Citrix desktop virtualization push: any device, any location

Citrix on Monday said its latest desktop virtualization software will give users access to high-definition desktops from any location and from just about any device, including PCs, Macs, thin clients, laptops, netbooks and smartphones. The latest version offers a range of server-and client-side virtualization options, including offline desktops hosted in local virtual machines; desktops hosted on blade PCs; hosted desktops based in virtualized servers; and hosted shared desktops. "Traditional PCs were designed for a very different world," Raj Dhingra, XenDesktop general manager, said during a press conference Monday. "Today, the world is flat and small. Citrix is betting that Windows 7 will drive a new wave of desktop virtualization adoption, and is releasing XenDesktop version 4 to take advantage of these expected new users.

We need to work in entirely different ways than before. Now it says XenDesktop with its accompanying FlexCast delivery technology is Citrix's first product "to support every major desktop virtualization model in a single, integrated solution." Citrix said XenDesktop will support high-definition graphics for all users with its HDX technology, which has been improved with support for flash multimedia, 3D graphics, webcams and VoIP, with optimized delivery to branch offices over WANs. Citrix claims that HDX requires 90% less bandwidth than competing technologies. A traditional PC that is locked to an office or a laptop is too confining." 13 desktop virtualization tools Citrix hinted at its all-devices strategy earlier this year when it brought virtual desktops and applications to the iPhone. XenDesktop 4 will be generally available Nov. 16 for prices ranging from $75 to $350 per user. The desktop virtualization market has lots of room for growth.

Customers using XenApp, Citrix's application virtualization technology, will be able to trade up to XenDesktop with discounts of up to 80%. Citrix is also enabling centralized management of virtual desktops and applications by integrating XenApp with XenDesktop, the company said. Fewer than 10% of data centers worldwide have virtualized desktops, according to ITIC lead analyst Laura DiDio. Citrix, Microsoft and VMware are all going after the virtual desktop markets, although surveys show mixed results when comparing the vendors. Thirty-one percent of customers plan to virtualize in 2010, according to an ITIC poll of 400 corporations. According to ITIC, 41% of companies using desktop virtualization went with Citrix, compared to 28% for Microsoft and 16% for VMware.

Citrix said XenDesktop 4 contains 70 new features to enhance performance and security. But when measuring by deployed seats, VMware has about a two-to-one lead over Citrix, according to Burton Group analyst Chris Wolf. But the key is delivering the right type of desktop based on users' varying needs, the company said. As many as 500 users can be accommodated by a single server in this model, according to Citrix. For example, task workers who share a similar set of applications may be best served by a shared, server-based virtual desktop, Citrix said. "This model gives each user a standardized, locked-down desktop ideally suited for jobs where user customization is not needed or desired," Citrix said.

By contrast, office workers who need more personalized desktops may be best served by a virtual desktop infrastructure model in which each desktop is a dedicated virtual machine. Blade PCs in the data center are ideal for delivering high-end applications to "power users," Citrix said. This model supports about 60 to 70 desktops per server, according to Citrix. Another option lets companies stream desktops to each user's device, which lets the user device run the desktop locally while letting administrators centrally manage the operating system, applications and data. The virtual applications can run offline, making them popular with mobile users, the company said. "By centralizing apps and delivering them as an on-demand service to existing desktops, this option offers many of the ROI and management benefits of a fully virtualized desktop with minimal setup costs, making it an ideal starting point for customers new to desktop virtualization," Citrix said in its XenDesktop announcement.

But for companies just starting out with virtualization, the simplest option may be to deliver virtual applications to traditional PCs, Citrix said. Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

OpenDNS: Forget free. We want paying customers

Free isn't all it's cracked up to be. The idea that the best price is zero is gaining popularity, thanks to the high-tech tome "Free: The Future of a Radical Price." Author Chris Anderson makes a compelling argument that freebies and giveaways attract customers, especially on the Internet. At least according to free DNS service provider OpenDNS, which is unveiling on Monday a suite of paid services targeted at enterprise customers. But with its announcement Monday, OpenDNS makes clear that its plan is to migrate from free consumer-oriented DNS services toward paid, profit-making products used on enterprise networks. "Our plan is to transition into the enterprise following the Google model," says David Ulevitch, founder and CTO of OpenDNS. "Google did this with Gmail.

Our evolution is similar. First they had Gmail, then they had Gmail for pay, and now they have a complete office suite Google Apps. We have a free consumer service.. Now we're turning that into a paid enterprise service." OpenDNS is a venture-funded start-up with 15 million users of its free recursive DNS service. We invented and pioneered the idea of DNS with integrated security.

These users include consumers, schools and some businesses, which use OpenDNS to allow their employees to browse the Web. One advantage of OpenDNS is that it bundles Web content filtering with its DNS service. OpenDNS says it is handling more than 17 billion DNS queries per day with this service. OpenDNS also operates PhishTank.com, a community site that fights phishing. OpenDNS makes money by selling ads for its re-direction service.

Users of the free OpenDNS service view advertisements when they type in the wrong Web address. Now OpenDNS is selling an ad-free version called OpenDNS Deluxe, which is geared toward small businesses. Ulevitch says OpenDNS Deluxe and OpenDNS Enterprise are more cost-effective for companies than running separate DNS and Web content filtering software from vendors such as Websense. OpenDNS also is announcing OpenDNS Enterprise, which provides more comprehensive Web filtering, auditing and reporting features, 24/7 support and service-level agreements. Another advantage is that these premium services don't require customers to purchase or install appliances, as some rival DNS and Web filtering companies do. "We don't do everything that Websense does," Ulevitch admits.

Ulevitch says OpenDNS has 25 businesses using its premium paid services. But he says that OpenDNS offers the most popular features of a product like Websense, including the ability to block adult content and 50 other categories of Web sites. "We do 70% of the things that Websense does that people care about," he adds. These paying customers include The Coffee Bean & Tea Leaf, a retail chain that offers in-store Wi-Fi and uses OpenDNS to support Web browsing and to block adult content. "These retail chains want to monitor sites, but it's not reasonable for them to put a security device in every store," Ulevitch says. "They are growing fast, and they want to have one Web-based dashboard so they can block certain sites to all their stores. They don't want to show ads, and they are willing to pay for professional support." OpenDNS says the new premium paid services for enterprise customers are available under an early access program, with general availability expected in the fourth quarter of 2009. Free recursive DNS services such as OpenDNS and DNS Advantage Service from rival Neustar UltraDNS are gaining in popularity among corporate customers. Now they have granular control, and they don't have appliances which is a huge savings.

Neustar UltraDNS says it is handling between 3 billion and 5 billion DNS queries a day through its free DNS Advantage service. DNS Advantage "does obviously generate additional business for our managed DNS service," says Rodney Joffe, senior vice president and senior technologist at Neustar. "But companies are looking for a DNS solution that deals with phishing and pharming and malware…Some of our customers want DNS Advantage, and some of our customers already have DNS appliances in their network." Joffe says DNS is so critical to corporate networks these days that customers care more about performance than about price, be it free or paid. "The kinds of customers we have had for 10 years don't come to us because they are trying to save a buck. However, Neustar UltraDNS derives most of its revenue from selling managed external DNS services to enterprises and e-commerce sites such as J.Jill and Diamond.com. They may in the beginning, but they are staying with us because we run an enterprise-level service infrastructure," Joffe adds. "These tend to be customers for whom DNS is critical." DNS Advantage doesn't include Web filtering like OpenDNS Enterprise, but Joffe says this feature will be available in the first half of next year. Joffe says having companies like OpenDNS enter the enterprise space with outsourced DNS services helps validate the niche. "We've been the major provider for quite awhile," Joffe says. "There's definitely a market."

AT&T to offer remote PC repairs without system booting

AT&T is upgrading its remote PC repair service that will allow technicians to resolve issues without a customer fully booting a computer, the company said on Thursday. With the upgraded service, PC problems can be solved even when the system cannot be booted due to hardware problems or OS failure. Technicians from AT&T's Tech Support 360 service were previously able to remotely fix customers' PC problems only when the operating system was loaded and a browser session was running, said Ebrahim Keshavarz, vice president of business development at AT&T, during a conference call.

The capability allows technicians to fix more PC problems than was previously possible. Users need to enter a specific keystroke sequence to connect the failed PC over the Internet with AT&T technicians. For example, technicians will now be able to fix hardware-level issues like corrupted BIOS, as well as reset system passwords, repair and update network card drivers, and remove malware more effectively, Keshavarz said. "There are times when you cannot get a functioning browser to connect to the Internet," Keshavarz said. To enable that capability, AT&T is adopting Intel's Remote PC Assist Technology for the service. AT&T launched Tech Support 360 in 2008 as a service to remotely solve PC problems, including software, hardware and peripheral issues, for small and medium-size businesses.

The remote support technology is a part of Intel's vPro hardware and software management for PCs mainly used in business environments. For example, it troubleshoots Windows OS issues and hardware problems like faulty hard drives and wireless networking configurations. Monthly subscriptions will start at US$19 per month, Keshavarz said. It can also solve malware problems on PCs. AT&T will begin offering the service in the first half of next year. If a remote technician is unable to solve a problem, AT&T will dispatch technicians on site at an extra charge. The pre-boot support service won't work on PCs with chips from Advanced Micro Devices, as the underlying technology is based on Intel's vPro technology.

However, there are certain limitations attached to AT&T's upgraded service. The service also won't work on Apple's Macintosh systems. Tuhy said that the technology will be available with laptops based on Intel's Calpella platform, which will include a set of processors based on the Nehalem processor. Right now only desktops support Intel's vPro remote support technology, but it is expected to reach laptops soon, said David Tuhy, general manager of the business client group at Intel. Intel has said it would reveal details about the first chip belonging to the Calpella platform, code-named Clarksfield, next week at the Intel Developer Forum.